add dns names and ip addresses with tests
parent
dac4b27f74
commit
0a7c8b863b
@ -8,7 +8,9 @@ import (
|
|||
"fmt"
|
||||
"flag"
|
||||
"io"
|
||||
"net"
|
||||
"os"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
type (
|
||||
|
@ -16,38 +18,41 @@ type (
|
|||
PrivateKeyPath string // path to the private key
|
||||
Output string // path where to store the CSR
|
||||
BaseAttributes pkix.Name
|
||||
DNSNames []string // alternative names to the BaseAttributes.CommonName
|
||||
IPAddresses []net.IP // alternative IP addresses
|
||||
|
||||
private_key PrivateKey
|
||||
output_stream io.WriteCloser // the output stream for the CSR
|
||||
output_stream io.Writer // the output stream for the CSR
|
||||
}
|
||||
)
|
||||
|
||||
var (
|
||||
COMMA_SPLIT = regexp.MustCompile(`,[[:space:]]?`)
|
||||
)
|
||||
|
||||
// create a sign request with a private key
|
||||
func create_sign_request() {
|
||||
flags := parse_sign_flags()
|
||||
flags.private_key = load_private_key(flags.PrivateKeyPath)
|
||||
|
||||
var err error
|
||||
flags.output_stream, err = open_output_stream(flags.Output)
|
||||
stream, err := open_output_stream(flags.Output)
|
||||
if err != nil {
|
||||
crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err))
|
||||
}
|
||||
defer flags.output_stream.Close()
|
||||
defer stream.Close()
|
||||
flags.output_stream = stream
|
||||
|
||||
csr_template := &x509.CertificateRequest{
|
||||
Subject: flags.BaseAttributes,
|
||||
}
|
||||
csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
|
||||
if err != nil {
|
||||
if err = create_csr(flags); err != nil {
|
||||
fmt.Fprintln(os.Stderr, "Error when generating CSR: ", err)
|
||||
os.Exit(3)
|
||||
}
|
||||
block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
|
||||
pem.Encode(flags.output_stream, block)
|
||||
}
|
||||
|
||||
// parse the flags to create a certificate sign request
|
||||
func parse_sign_flags() SignFlags {
|
||||
dns_names := "" // string to hold the alternative names
|
||||
ips := "" // string to hold the alternative ips
|
||||
|
||||
flags := SignFlags{}
|
||||
fs := flag.NewFlagSet("create-cert-sign", flag.ExitOnError)
|
||||
fs.StringVar(&flags.PrivateKeyPath, "private-key", "", "path to the private key file")
|
||||
|
@ -56,7 +61,32 @@ func parse_sign_flags() SignFlags {
|
|||
flags.BaseAttributes = pkix.Name{}
|
||||
fs.StringVar(&flags.BaseAttributes.CommonName, "common-name", "", "the name of the resource")
|
||||
fs.StringVar(&flags.BaseAttributes.SerialNumber, "serial", "1", "serial number for the request")
|
||||
fs.StringVar(&dns_names, "names", "", "alternative names (comma separated)")
|
||||
fs.StringVar(&ips, "ips", "", "alternative IPs (comma separated)")
|
||||
|
||||
fs.Parse(os.Args[2:])
|
||||
|
||||
// convert array flags to config structs
|
||||
flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1)
|
||||
tmp_ips := COMMA_SPLIT.Split(ips, -1)
|
||||
for _, sip := range tmp_ips {
|
||||
flags.IPAddresses = append(flags.IPAddresses, net.ParseIP(sip))
|
||||
}
|
||||
|
||||
return flags
|
||||
}
|
||||
|
||||
// generate the csr and print into flags.output_stream
|
||||
func create_csr(flags SignFlags) (error) {
|
||||
csr_template := &x509.CertificateRequest{
|
||||
Subject: flags.BaseAttributes,
|
||||
DNSNames: flags.DNSNames,
|
||||
IPAddresses: flags.IPAddresses,
|
||||
}
|
||||
csr_raw, err := x509.CreateCertificateRequest(rand.Reader, csr_template, flags.private_key)
|
||||
if err != nil { return err }
|
||||
|
||||
block := &pem.Block{Type: TypeLabelCSR, Bytes: csr_raw}
|
||||
pem.Encode(flags.output_stream, block)
|
||||
return nil
|
||||
}
|
||||
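Review bot: In parse_sign_flags, `COMMA_SPLIT.Split("", -1)` returns `[]string{""}`, so a run without `-names` places an empty dNSName into the CSR, and without `-ips` `net.ParseIP("")` yields a nil IP that is appended to IPAddresses and, as far as I can tell, marshalled by x509 as a zero-length iPAddress SAN; the same nil is silently appended for any unparsable `-ips` entry, so a mistyped address vanishes from the request instead of being rejected. Both flags should be treated as absent when empty, and a ParseIP failure should abort through the existing crash_with_help path rather than produce a SAN list that cannot be verified. In create_csr the `pem.Encode` result is also discarded; `return pem.Encode(flags.output_stream, block)` would surface a write failure to create_sign_request, whose body is in an earlier hunk. parse_sign_flags itself begins outside this hunk.
```go
// convert array flags to config structs; an absent flag must not become a
// single empty SAN entry, and an unparsable IP must not be dropped to nil
if dns_names != "" {
	flags.DNSNames = COMMA_SPLIT.Split(dns_names, -1)
}
if ips != "" {
	for _, sip := range COMMA_SPLIT.Split(ips, -1) {
		ip := net.ParseIP(sip)
		if ip == nil {
			crash_with_help(2, fmt.Sprintf("Invalid IP address: %s", sip))
		}
		flags.IPAddresses = append(flags.IPAddresses, ip)
	}
}
// … unchanged: return flags, create_csr template construction …
```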
@ -0,0 +1,84 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"testing"
|
||||
)
|
||||
|
||||
type CSRTest struct {
|
||||
ShouldBe []string
|
||||
Set func(*SignFlags)
|
||||
Fetch func(*x509.CertificateRequest) []string
|
||||
}
|
||||
|
||||
const (
|
||||
RAW_PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY-----
|
||||
MIHbAgEBBEFkAEFc5264Yo7Xo+yj3ZwaqdffTphGT3/8Q+pvi4ULmXaFiGoTkR5X
|
||||
lKnlRUEp0I4Ra9U7GjLDtFLwTaLzdXuUT6AHBgUrgQQAI6GBiQOBhgAEAdW0usq0
|
||||
zEzvhR0u5ZSbOXRzg+TbICZGfOLy9KpKfz6I6suFOAO7f3fwDNOqMfyYUhtenMz7
|
||||
T/BKArg+v58UWHrwAb/UeI4l+OMOoMHYtNNO4nAjTdyY8yFSFY5syzKEYIBzUoLM
|
||||
VSfuxBk5ZS2J478X1Vxacq03keDeAY43Oc80XBih
|
||||
-----END EC PRIVATE KEY-----`
|
||||
)
|
||||
|
||||
func SetupTest() (*SignFlags, *bytes.Buffer) {
|
||||
p, _ := pem.Decode([]byte(RAW_PRIVATE_KEY))
|
||||
buf := bytes.NewBuffer(make([]byte, 0))
|
||||
|
||||
flags := &SignFlags{
|
||||
private_key: load_private_key_ecdsa(p),
|
||||
output_stream: buf,
|
||||
}
|
||||
return flags, buf
|
||||
}
|
||||
|
||||
func TestCSRGeneration(t *testing.T) {
|
||||
tests := []CSRTest {
|
||||
{
|
||||
[]string{"foo"},
|
||||
func(f *SignFlags) { f.BaseAttributes.CommonName = "foo" },
|
||||
func(c *x509.CertificateRequest) []string { return []string{c.Subject.CommonName} },
|
||||
}, {
|
||||
[]string{"foo.com", "bar.com", "baz.com"},
|
||||
func(f *SignFlags) { f.DNSNames = []string{ "foo.com", "bar.com", "baz.com" }},
|
||||
func(c *x509.CertificateRequest) []string { return c.DNSNames },
|
||||
},
|
||||
{
|
||||
[]string{"127.0.0.1", "192.168.0.1"},
|
||||
func(f *SignFlags) { f.IPAddresses = []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.0.1") }},
|
||||
func(c *x509.CertificateRequest) []string {
|
||||
res := make([]string, 0)
|
||||
for _, ip := range c.IPAddresses {
|
||||
res = append(res, ip.String())
|
||||
}
|
||||
return res
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
flags, io := SetupTest()
|
||||
test.Set(flags)
|
||||
|
||||
create_csr(*flags)
|
||||
res, _ := ioutil.ReadAll(io)
|
||||
raw, _ := pem.Decode(res)
|
||||
|
||||
csr, _ := x509.ParseCertificateRequest(raw.Bytes)
|
||||
if !diff(test.ShouldBe, test.Fetch(csr)) {
|
||||
t.Logf("Expected: %v\nbut got: %v", test.ShouldBe, test.Fetch(csr))
|
||||
t.Fail()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func diff(a, b []string) bool {
|
||||
if len(a) != len(b) { return false }
|
||||
for i, e := range a {
|
||||
if e != b[i] { return false }
|
||||
}
|
||||
return true
|
||||
}
|
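Review bot: TestCSRGeneration discards every error in its loop, so a failure in create_csr, pem.Decode or x509.ParseCertificateRequest shows up as a nil-pointer panic at `raw.Bytes` or inside Fetch rather than as a test failure naming the case; `if err := create_csr(*flags); err != nil { t.Fatalf("create_csr: %v", err) }` and `if raw == nil { t.Fatal("no PEM block in output") }` would pin that down, and the same applies to the ignored `pem.Decode` result in SetupTest, where a nil block is passed straight to load_private_key_ecdsa. The local named `io` shadows the standard package name and reads as such; `out` would be clearer, and `diff` returns true when the slices are equal, so a name like `equal` would match its meaning. No case exercises the flag-parsing path with an empty `-names`/`-ips`, which appears to be where empty SAN entries would enter the request.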